WordPress teachPress plugin <= 9.0.12 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin teachPress versions = 9.0.12...

CVE-2025-32149

CVE-2025-32149 affects the WordPress plugin teachPress (up to 9.0.11). The issue is an SQL injection caused by improper neutralization of input in the plugin, with exploitation requiring authentication (Contributor+). Current references indicate the patch status is Unpatched; no exploits or in-th...